Department for Digital, Culture, Media and Sport

Call for Views on Resilience and Security of Software used by Businesses and Organisations

Lord Parkinson of Whitley Bay: I am repeating the following Written Ministerial Statement made today in the other place by my Honourable Friend, the Minister for Media, Data, and Digital Infrastructure, Julia Lopez MP:I am pleased to inform the House that the government has published a document entitled, “Call for views on software resilience and security for businesses and organisations”. This document sets out the government’s existing assessment of the cyber security risks posed by software and seeks responses from industry, academia, and other organisations, over a twelve-week period. These views will help to formulate UK government policy in this area.Digital technologies play a crucial and ever-increasing role in the UK economy, and in the day-to-day lives of citizens. Increasing digitisation brings huge economic and social opportunities and the UK is well placed to take full advantage of this. Embracing digital technologies across our economy is crucial to delivering the ambitions we set out in the National Cyber Strategy and UK Digital Strategy to secure the UK’s prosperity, national security, global competitiveness and geo-political standing in the world.To achieve these aims, we must ensure consumers and businesses feel confident in the use of digital technologies, which means the foundations of our technology must be secure. Software is a fundamental building block of all digital environments, and is often the point of entry for a cyber attack. Over the past 3 years, there has been an average annual increase of more than 700% in the number of software supply chain attacks globally. Incidents in recent years such as the 2020 SolarWinds attack and the discovery of the Log4j vulnerability in 2021, have demonstrated the widespread impact that software incidents can have on national security as well as businesses, charities, educational institutions and other organisations operating across the UK. Strengthening the resilience of software is an important part of strengthening organisational cyber resilience more widely. This will help reduce the cyber threat to the economy and prevent harm to businesses, UK citizens and the UK’s worldwide customers.As such, we have launched this twelve-week call for views process, where we welcome views on the key risks linked to software, and where the government will be best placed to help mitigate them. These views will help shape UK government policy, and ensure that our resources are directed at the highest priority areas. We look forward to working with organisations, policymakers, academics, international partners and other interested parties, to make the UK a stronger and more secure place for organisations to do business.I will place a copy of the ‘Call for Views on the Resilience and Security of Software used by Businesses and Organisations’ document in the Libraries of both Houses.

Home Office

Terrorism Prevention and Investigation Measures (1 September to 30 November 2022)

Lord Sharpe of Epsom: My rt hon Friend the Minister of State for Security (Tom Tugendhat) has today made the following Written Ministerial Statement:Section 19(1) of the Terrorism Prevention and Investigation Measures (TPIM) Act 2011 (the Act) requires the Secretary of State to report to Parliament as soon as reasonably practicable after the end of every relevant three-month period on the exercise of her TPIM powers under the Act during that period. The level of information provided will always be subject to slight variations based on operational advice. TPIM notices in force (as of 30 November 2022)2Number of new TPIM notices served (during this period)1TPIM notices in respect of British citizens (as of 30 November 2022)2TPIM notices extended (during the reporting period)0TPIM notices revoked (during the reporting period)0TPIM notices expired (during reporting period)0TPIM notices revived (during the reporting period)0Variations made to measures specified in TPIM notices (during the reporting period)1Applications to vary measures specified in TPIM notices refused (during the reporting period)1The number of subjects relocated under TPIM legislation (during this the reporting period)1 The TPIM Review Group (TRG) keeps every TPIM notice under regular and formal review. TRG meetings were held on 19 and 26 October 2022. On 4 October 2022 one individual pleaded guilty to one count of breaching the residence measure of the TPIM notice. The individual was sentenced to a four week night-time curfew and a fine of £100.